carbon-tab
🌎🏭📈 Data about the climate crisis, in your new tab. Get the extension for Firefox or Chrome today!
Bumps [terser](https://github.com/terser/terser) from 4.1.3 to 4.8.1. Changelog Sourced from terser's changelog. v4.8.1 (backport) Security fix for RegExps that should not be evaluated (regexp DDOS) v4.8.0 Support for numeric separators (million...
Bumps [async](https://github.com/caolan/async) from 2.6.3 to 2.6.4. Changelog Sourced from async's changelog. v2.6.4 Fix potential prototype pollution exploit (#1828) Commits c6bdaca Version 2.6.4 8870da9 Update built files 4df6754 update changelog 8f7f903...
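Detected that Booligoosh/carbon-tab pulls in a total of 626 open-source components, with 23 vulnerabilities.
```
Vulnerability title: serialize-javascript code issue vulnerability
Defective component: [email protected]
Vulnerability ID: CVE-2020-7660
Vulnerability description: Verizon serialize-javascript is a software package from Verizon (USA) that supports serializing JavaScript to a superset of JSON. A code issue vulnerability exists in serialize-javascript versions before 3.1.0. A remote attacker can exploit this vulnerability to inject arbitrary code via the 'deleteFunctions' function in the index.js file.
National vulnerability database entry: https://www.cnvd.org.cn/flaw/show/CNVD-2020-53801
Affected range: (∞, 3.1.0)
Minimum fixed version: 3.1.0
Defective component introduction paths:
[email protected]>[email protected]>[email protected]>[email protected]
[email protected]>[email protected]>[email protected]
```
There are 23 further vulnerabilities; detailed report: https://mofeisec.com/jr?p=id0e2f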
Bumps [ajv](https://github.com/ajv-validator/ajv) from 6.10.2 to 6.12.6. Release notes Sourced from ajv's releases. v6.12.6 Fix performance issue of "url" format. v6.12.5 Fix uri scheme validation (@ChALkeR). Fix boolean schemas with strictKeywords...
Bumps [tar](https://github.com/npm/node-tar) from 4.4.8 to 4.4.19. Commits 9a6faa0 4.4.19 70ef812 drop dirCache for symlink on all platforms 3e35515 4.4.18 52b09e3 fix: prevent path escape using drive-relative paths bb93ba2 fix: reserve...
Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7. Commits See full diff in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter...
Bumps [postcss](https://github.com/postcss/postcss) from 7.0.17 to 7.0.36. Release notes Sourced from postcss's releases. 7.0.36 Backport ReDoS vulnerabilities from PostCSS 8. 7.0.35 Add migration guide link to PostCSS 8 error text. 7.0.34...
Bumps [ws](https://github.com/websockets/ws) from 7.1.1 to 7.4.6. Release notes Sourced from ws's releases. 7.4.6 Bug fixes Fixed a ReDoS vulnerability (00c425ec). A specially crafted value of the Sec-Websocket-Protocol header could be...
Bumps [browserslist](https://github.com/browserslist/browserslist) from 4.6.6 to 4.16.6. Changelog Sourced from browserslist's changelog. 4.16.6 Fixed npm-shrinkwrap.json support in --update-db (by Geoff Newman). 4.16.5 Fixed unsafe RegExp (by Yeting Li). 4.16.4 Fixed unsafe...
Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.8.2 to 2.8.9. Changelog Sourced from hosted-git-info's changelog. 2.8.9 (2021-04-07) Bug Fixes backport regex fix from #76 (29adfe5), closes #84 2.8.8 (2020-02-29) Bug Fixes #61 & #65...